Currently used wireless communication technologies suffer from security weaknesses that can be exploited to eavesdrop on or spoof network communication. In this paper, we present a practical tool that automates attacks on wireless security. The developed package, called wifimitm, provides functionality for automating MitM attacks in the wireless environment. The package combines several existing tools and attack strategies to bypass wireless security mechanisms such as WEP, WPA, and WPS. The presented tool can be integrated into a solution for automated penetration testing. Also, popularizing the fact that such attacks can be easily automated should raise public awareness about the state of wireless security.
Vondráček, Martin; Pluskal, Jan; and Ryšavý, Ondřej
"Automated Man-in-the-Middle Attack Against Wi‑Fi Networks,"
Journal of Digital Forensics, Security and Law: Vol. 13, Article 9.
Available at: https://commons.erau.edu/jdfsl/vol13/iss1/9